UPM Institutional Repository

An effective naming heterogeneity resolution for XACML policy evaluation in a distributed environment


Citation

Teo, Poh Kuang and Ibrahim, Hamidah and Sidi, Fatimah and Udzir, Nur Izura and Alwan, Ali Amer (2021) An effective naming heterogeneity resolution for XACML policy evaluation in a distributed environment. Symmetry-Basel, 13 (12). art. no. 2394. pp. 1-26. ISSN 2073-8994

Abstract

Policy evaluation is a process to determine whether a request submitted by a user satisfies the access control policies defined by an organization. Naming heterogeneity between the attribute values of a request and a policy is common due to syntactic variations and terminological variations, particularly among organizations of a distributed environment. Existing policy evaluation engines employ a simple string equal matching function in evaluating the similarity between the attribute values of a request and a policy, which is inaccurate, since only an exact match is considered similar. This work proposes several matching functions, not limited to the string equal matching function, that aim to resolve various types of naming heterogeneity. Our proposed solution is also capable of supporting symmetrical architecture applications, in which the organization can negotiate with the users for the release of their resources and properties that raise privacy concerns. The effectiveness of the proposed matching functions on real XACML policies, designed for universities, conference management, and the health care domain, is evaluated. The results show that the proposed solution has successfully achieved higher percentages of Recall and F-measure compared with the standard Sun’s XACML implementation; with our improvement, these measures gained up to 70% and 57%, respectively.


Download File

Full text not available from this repository.
Official URL or Download Paper: https://www.mdpi.com/2073-8994/13/12/2394

Additional Metadata

Item Type: Article
Divisions: Faculty of Computer Science and Information Technology
DOI Number: https://doi.org/10.3390/sym13122394
Publisher: Multidisciplinary Digital Publishing Institute
Keywords: Access control policies; Policy evaluation; Naming heterogeneity; XACML
Depositing User: Ms. Nuraida Ibrahim
Date Deposited: 03 Apr 2023 07:52
Last Modified: 03 Apr 2023 07:52
Altmetrics: http://www.altmetric.com/details.php?domain=psasir.upm.edu.my&doi=10.3390/sym13122394
URI: http://psasir.upm.edu.my/id/eprint/95825